Bug 54626 - Chrome NET::ERR_CERT_COMMON_NAME_INVALID for subdomain covered by wildcard certificate
Summary: Chrome NET::ERR_CERT_COMMON_NAME_INVALID for subdomain covered by wildcard ce...
Status: RESOLVED DUPLICATE of bug 53288
Alias: None
Product: UCS
Classification: Unclassified
Component: SSL
Version: UCS 5.0
Hardware: Other Linux
: P5 normal
Target Milestone: ---
Assignee: UCS maintainers
QA Contact: UCS maintainers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-30 19:56 CEST by Arvid Requate
Modified: 2022-03-30 20:01 CEST (History)
0 users

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2022-03-30 19:56:25 CEST 
I installed the keycloak app from the test appcenter, which creates a reverse proxy for keycloak.primary20.ucs50domain.net and Terminates TLS on apache.

https connection works with firefox, but not in chrome. Error message:

Your connection is not private
Attackers might be trying to steal your information from keycloak.primary20.ucs50domain.net (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
Subject: *.primary20.ucs50domain.net
Issuer: Univention Corporate Server Root CA (ID=veOE2wDA)
Expires on: Mar 29, 2027
Current date: Mar 30, 2022

Chrome version: 99.0.4844.51

Bug 44312 (worksforme since 2017) could be related.

Web search: https://blog.expta.com/2017/06/fix-for-certificate-error-in-chrome.html
Comment 1 Arvid Requate univentionstaff 2022-03-30 20:01:02 CEST 

*** This bug has been marked as a duplicate of bug 53288 ***